Commit 67437318 authored by CAMPION Sebastien's avatar CAMPION Sebastien

Basic Auth support

parent ed87a7b9
......@@ -12,7 +12,7 @@ RUN apt-get update && apt-get -t stretch-backports install -y \
python3-django python3-django-allauth
RUN apt-get install -y mysql-server default-libmysqlclient-dev \
nginx-light zip python3-dev python3-pip python3-mysqldb python-mysqldb \
nginx-light zip python3-dev python3-pip python3-mysqldb python-mysqldb python3-crypto \
supervisor && pip3 install gunicorn
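Review bot: `python3-crypto`, added to the second `RUN apt-get install` line, is Debian's package of PyCrypto, which has had no upstream release since 2013 and is unmaintained, so it is a poor choice as the sole provider of the `Crypto.PublicKey.RSA` code that tokens.py now uses to derive the signing key ID. `python3-pycryptodome` (or `pycryptodome` via the existing `pip3 install` step) ships the same `Crypto.PublicKey.RSA` API and is maintained; it should be a one-token swap on this line, `... python3-mysqldb python-mysqldb python3-pycryptodome \`. Whichever package is chosen, also list it in requirements.txt so the import resolves outside this image.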
......@@ -30,4 +30,5 @@ RUN rm /etc/nginx/sites-enabled/default && \
WORKDIR /opt/allgo
LABEL dk.migrate_always=1
ENV PYTHONUNBUFFERED 1
CMD run-allgo
......@@ -3,6 +3,9 @@ import time
import hashlib
import base64
import subprocess
import binascii
from Crypto.PublicKey import RSA
from jose import jwt
SIGNING_KEY_PATH = os.environ.get('SIGNING_KEY_PATH')
......@@ -21,13 +24,13 @@ def run_command(command):
def key_id_encode(the_bytes):
source = base64.b32encode(the_bytes).rstrip("=")
source = base64.b32encode(the_bytes)
result = []
for i in xrange(0, len(source), 4):
for i in range(0, len(source), 4):
start = i
end = start+4
result.append(source[start:end])
return ":".join(result)
return ":".join(map(str, result))
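Review bot: `":".join(map(str, result))` on the last line stringifies bytes slices, so on Python 3 (the xrange→range change shows that is the target) the key ID comes out as `b'ABCD':b'EFGH':…` instead of the `ABCD:EFGH:…` form documented in kid_from_crypto_key, and the registry will not match it against the key IDs it derives from REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE, so every token is rejected as signed by an untrusted key. `base64.b32encode` returns bytes, so decode once and join plain strings: `source = base64.b32encode(the_bytes).decode('ascii')` and `return ":".join(result)`. Dropping `.rstrip("=")` is harmless for the 30-byte digest prefix the only visible caller passes (240 bits → 48 base32 characters, no padding), but a comment saying so, `# 30-byte input -> 48 chars, never padded`, would stop the function being reused with other lengths.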
def kid_from_crypto_key(private_key_path, key_type='EC'):
......@@ -41,20 +44,8 @@ def kid_from_crypto_key(private_key_path, key_type='EC'):
ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP
"""
algorithm = hashlib.sha256()
if key_type == 'EC':
der, msg = run_command(['openssl', 'ec', '-in', private_key_path,
'-pubout', '-outform', 'DER'])
elif key_type == 'RSA':
der, msg = run_command(['openssl', 'rsa', '-in', private_key_path,
'-pubout', '-outform', 'DER'])
else:
raise Exception("Key type not supported")
if not der:
raise Exception(msg)
key = RSA.importKey(open(private_key_path).read())
der = key.publickey().exportKey("DER")
algorithm.update(der)
return key_id_encode(algorithm.digest()[:30])
......@@ -112,3 +103,4 @@ class Token(object):
headers=self.header)
return token
import base64
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.models import User
from django.shortcuts import render, get_object_or_404
from django.http import JsonResponse
from django.http import JsonResponse, HttpResponse
from django.urls import reverse
from django.views.generic import (
ListView,
......@@ -12,7 +15,7 @@ from allgo.django.allgo.main.tokens import Token
from .models import Webapp, Job, AllgoUser
def get_allowed_actions(actions):
def get_allowed_actions(user, actions):
# FIXME restrict to repository and acl define in DB
return actions
......@@ -22,11 +25,21 @@ def index(request):
def tokens(request):
if not request.user.is_authenticated:
return JsonResponse({'WWW-Authenticate': 'Basic realm="Login Required"'}, status=401)
service = request.args.get('service')
scope = request.args.get('scope')
auth_header = request.META.get('HTTP_AUTHORIZATION', '')
token_type, credentials = auth_header.split(' ')
username, password = base64.b64decode(credentials).decode('utf-8').split(':')
print(username, password)
try:
user = User.objects.get(email=username)
except User.DoesNotExist:
return HttpResponse(status=401)
password_valid = user.check_password(password)
if token_type != 'Basic' or not password_valid:
return HttpResponse(status=401)
service = request.GET['service']
scope = request.GET['scope']
if not scope:
typ = ''
name = ''
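Review bot: `print(username, password)` right after the header decode writes every caller's plaintext password to the container's stdout (the Dockerfile sets PYTHONUNBUFFERED), so it must go before this ships. The two tuple unpackings above it also turn ordinary client input into 500s: a missing or unschemed `Authorization` header fails `split(' ')`, a password containing `:` fails `split(':')` (RFC 7617 allows that; only the user-id may not contain a colon), and undecodable base64 raises `binascii.Error`; parse with `partition` and map `ValueError` to the 401. `User.objects.get(email=username)` assumes email is unique, which Django's default User model does not enforce, so `MultipleObjectsReturned` needs the same handling as `DoesNotExist`, and an `is_active` check belongs next to `check_password`. `request.GET['service']` / `request.GET['scope']` raise when the parameter is absent, which makes the `if not scope:` guard below unreachable for the missing case; use `.get(..., '')`. If the `request.user.is_authenticated` check at the top is unchanged context, a docker client presenting only Basic credentials has no session and never reaches the new code; the rest of tokens() lies outside this hunk.
```python
    auth_header = request.META.get('HTTP_AUTHORIZATION', '')
    token_type, _, credentials = auth_header.partition(' ')
    if token_type != 'Basic':
        return HttpResponse(status=401)
    try:
        # RFC 7617: the user-id cannot contain ':', the password may
        username, _, password = base64.b64decode(credentials).decode('utf-8').partition(':')
    except ValueError:  # binascii.Error and UnicodeDecodeError both subclass ValueError
        return HttpResponse(status=401)
    try:
        user = User.objects.get(email=username)
    except (User.DoesNotExist, User.MultipleObjectsReturned):
        return HttpResponse(status=401)
    if not user.is_active or not user.check_password(password):
        return HttpResponse(status=401)
    service = request.GET.get('service', '')
    scope = request.GET.get('scope', '')
    # … unchanged: scope parsing …
```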
......
......@@ -2,5 +2,6 @@ Django==1.11
mysqlclient==1.3.12
django-environ==0.4.4
django-allauth==0.35.0
jwt
python-jose==2.0.2
pyopenssl
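Review bot: `pyopenssl` is added without a version pin while every other entry in this file is pinned, so a future release lands silently in the next build; pin it to the version the image currently resolves. The new code imports `Crypto.PublicKey.RSA`, which inside the image comes from apt's `python3-crypto`, but nothing in this file provides it, so a pip-only install fails at import time; add `pycryptodome` (maintained, same `Crypto` namespace) with a pin. Replacing the old `jwt` line with `python-jose==2.0.2` is fine as far as this page shows, but `jwt` is still imported in tokens.py via `from jose import jwt`, so make sure no other module imports the removed package.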
......@@ -2,168 +2,168 @@
version: '2'
networks:
dev:
driver: bridge
sandboxes:
driver: bridge
services:
dev-registry:
container_name: dev-registry
build: registry
#image: allgo/registry
# DJANGO
######################################################################################################################
dev-django:
container_name: dev-django
build: django
user: "$DOCKERUSER"
ports:
- "127.0.0.1:8000-8002:8000-8002"
- "8008:8000"
command: "python3 manage.py runserver 0.0.0.0:8000"
volumes:
- "/data/dev/django:/vol"
- "./django:/opt/allgo"
- "./certs:/certs"
networks: [dev]
tty: true
stdin_open: true
environment:
PYTHONUNBUFFERED: 1
ALLGO_ALLOWED_HOSTS: 0.0.0.0
DJANGO_DEBUG: 1
ALLGO_DEBUG: "True"
ALLGO_EMAIL_BACKEND: "django.core.mail.backends.console.EmailBackend"
ALLGO_SECRET_KEY: "nFgLEiedSJfYKyJA6WjkiGs8c23vokcVoM4DDLi9GsCX36TdsR"
ALLGO_DATABASE_PASSWORD: "allgo"
SIGNING_KEY_PATH: "/certs/server.key"
SIGNING_KEY_TYPE: "RSA"
SIGNING_KEY_ALG: "RS256"
ISSUER: "allgo_oauth"
TOKEN_EXPIRATION: "3600"
TOKEN_TYPE: "JWT"
# REGISTRY
######################################################################################################################
dev-registry:
container_name: dev-registry
image: registry:2
ports:
- "5000:5000"
volumes:
- "/data/dev/registry:/vol"
- "./certs:/certs"
environment:
REGISTRY_LOG_LEVEL: "debug"
REGISTRY_HTTP_TLS_CERTIFICATE: "/certs/server.crt"
REGISTRY_HTTP_TLS_KEY: "/certs/server.key"
REGISTRY_AUTH: "token"
REGISTRY_AUTH_TOKEN_REALM: "http://django:8080/tokens"
REGISTRY_AUTH_TOKEN_REALM: "http://django:8000/tokens"
REGISTRY_AUTH_TOKEN_SERVICE: "allgo_registry"
REGISTRY_AUTH_TOKEN_ISSUER: "allgo_oauth"
REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: "/certs/server.crt"
# CONTROLLER
######################################################################################################################
dev-controller:
container_name: dev-controller
build: controller
#image: allgo/controller
volumes:
- "/data/dev/controller:/vol"
- "./controller:/opt/allgo-docker"
- "/:/vol/host:ro"
environment:
ENV: "dev"
REGISTRY: "localhost:8002/allgo/dev"
DEBUG: "1"
networks: [dev]
# override default command (to allow running the controller manually with ./shell)
#command: ["/bin/bash"]
#tty: true
#stdin_open: true
networks: [dev]
# MYSQL
######################################################################################################################
dev-mysql:
container_name: dev-mysql
build: mysql
#image: allgo/mysql
user: "$DOCKERUSER"
ports:
- "3306:3306"
volumes:
- "/data/dev/mysql:/vol"
networks: [dev]
# SSH
######################################################################################################################
dev-ssh:
container_name: dev-ssh
build: ssh
#image: allgo/ssh
ports:
- "127.0.0.1:2222:22"
volumes:
- "/data/dev/ssh:/vol"
- "./ssh:/opt/allgo-ssh"
environment:
ENV: "dev"
networks: [dev, sandboxes]
# RAILS
######################################################################################################################
dev-rails:
container_name: dev-rails
build: rails
#image: allgo/rails
user: "$DOCKERUSER"
ports:
- "127.0.0.1:3000:8080"
volumes:
- "/data/dev/rails:/vol"
- "./rails:/opt/allgo"
environment:
RAILS_ENV: development
networks: [dev]
tty: true
stdin_open: true
dev-django:
container_name: dev-django
build: django
#image: allgo/rails
user: "$DOCKERUSER"
ports:
- "127.0.0.1:4000:8080"
volumes:
- "/data/dev/django:/vol"
- "./django:/opt/allgo"
- "./certs:/certs"
networks: [dev]
tty: true
stdin_open: true
environment:
SIGNING_KEY_PATH: "/certs/server.key"
SIGNING_KEY_TYPE: "RSA"
SIGNING_KEY_ALG: "RS256"
ISSUER: "allgo_oauth"
TOKEN_EXPIRATION: "3600"
TOKEN_TYPE: "JWT"
# SMTP
######################################################################################################################
dev-smtpsink:
container_name: dev-smtpsink
build: smtpsink
#image: allgo/smtpsink
ports:
- "127.0.0.1:143:143"
volumes:
- "/data/dev/smtpsink:/vol"
networks: [dev]
# NGINX
######################################################################################################################
dev-nginx:
container_name: dev-nginx
build: nginx
ports:
- "127.0.0.1:80:80"
- "127.0.0.1:443:443"
volumes:
- "/data/dev/nginx:/vol"
networks: [dev]
# TOOLBOX
######################################################################################################################
dev-toolbox:
container_name: dev-toolbox
build: toolbox
volumes:
- "/data/dev/toolbox:/vol"
- "/data/dev/toolbox:/vol"
\ No newline at end of file
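Review bot: `REGISTRY_AUTH_TOKEN_REALM: "http://django:8000/tokens"` is the URL the registry hands to docker clients for authentication, so the Basic credentials introduced by this commit are sent to the token endpoint in plaintext even though the registry itself is behind `REGISTRY_HTTP_TLS_CERTIFICATE`/`REGISTRY_HTTP_TLS_KEY`; the realm should be an https URL, terminated at the nginx service or with the same `/certs` material in front of the Django endpoint. The `- "8008:8000"` mapping that appears on the new dev-django service publishes the `runserver` dev server with `DJANGO_DEBUG: 1` on every host interface while the neighbouring mapping is bound to 127.0.0.1; bind it the same way, `- "127.0.0.1:8008:8000"`, unless the wide exposure is deliberate. `ALLGO_SECRET_KEY` and `ALLGO_DATABASE_PASSWORD` are now literal values in a committed file, which is tolerable for a dev compose only if the boundary is explicit — a `# dev-only credentials, never reuse in production` comment above the environment block, or `${ALLGO_SECRET_KEY}` read from an untracked .env, would do. Note also that `SIGNING_KEY_PATH: "/certs/server.key"` makes the registry's TLS private key double as the JWT signing key, so one key now serves two unrelated purposes.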